[Boraan]

Hey guys, Boraan here. sorry I've been away for so long but I've been neck deep in code for the past several months working on a project. The SitePM project is something I've been working on for a very long time but the initial launch works.

The basic idea is to stop spam, not by filtering or lists, but to stop the spammer from sending messages. Spam prevention today is reactive. A message comes and it is then marked, deleted, and shoved out as spam. SitePM works differently.

Now what I need is to populate the system with users to give it a real "stress test" - so I'm giving out free accounts. No fees, no credit card checks, none of that. I just need people to sign up and start using the system.

This is for a commercial project and in exchange for your cooperation and feedback, you all get to keep the accounts you make even after it goes live.

Will you guys help with that? It will be much appreciated.

Information about SitePM Messaging System:
http://business.techdex.net

There is a whitepaper release (11 pages; .doc format) that explains in depth the concepts and design of the system on that page as well.
http://business.techdex.net/rc/echom...%20Release.doc

The registration link to bypass the payment system will ony be up for a couple weeks so here it is:
http://business.techdex.net/cgi-bin/sitepm_free.cgi

My username there is echomusic. Message me if you have any problems so I can go bug hunting.

NOTE: The file upload is down for code updates.

Thanks everybody.

Boraan

[bizzar528]

When trying to validate and just send a test message, I get the following...

Quote:

Invalid user. Messaging cannot proceed.

The directory is open without having to login. I'm also opposed to just listing of the usernames. That's spam bait. Especially since the site can send PM's without logging in.
http://business.techdex.net/cgi-bin/directory.cgi

I'd also perfer to see a more advanced captcha.

Also, I added a contact with just a name and email address (another of my own, not registered through the site) then tried to send a message to that contact. However, I got no notification to my email that a message was sent. How does this contact view the message? Or is the service only available to people who are registered through the site? In which case, why make it so I can just randomly add a contact.

[Boraan]

Invalid user is a typo when trying to send a message. I just sent you a message on the system.

The directory is open like a phone book, but users can can opt out from Options > Update. The captcha is there for now because it's what I use while testing. i have a more advanced image template, but either way it does it's job of requiring human input verification.

The message alert I disabled when adding a contact. I had more than one person requesting it disabled.

When I add in the newsletter manager, that will be added to it.

When you send an email to a user, the message shows up in their inbox. You actually send an email from the system. People who reply or want to send a new message must do it from the system. This is probably the only setback to the system until I get the outlook addons done.

Any system can add a contact. It's just an address book. People not on the system can contact you one of two ways too.

First is to got to the site and put in your username and send a message. The next is the message button feature that you can put on any of your sites.

Great feedback - keep it coming...

Edit: There is a big patch coming out in a few weeks that will address alot of the requests from senders, bug fixes, features, a whole new skin for the site with better GUI, and tons of content updates.

I do need more testers please. I can't do proper benchmarks until I have 250 people or more. Please get your free account. Thanks guys

Boraan

[Boraan]

Oh. I wanted to add that you missed how the security is set up. Most email today the security is defensive. This system is aggressive in nature because it's built on trust.

In the whitepapers I broke it down in detail, but if you imagine the security in a bank, it's aggressive. Security guards, cameras, vault, access codes, etc. It's designed to keep people out.

With email today, it's the equivalent of letting everyone in the vault and filtering them out, and at the same time making a list of the people you want to keep inside the vault. Regardless of what you do though, the people you filter out can still come in the vault another way.

What I've done is change that approach. I took to focus off of the message and put it on the sender. Anyone can send you a message until they abuse the system and you choose to block them. Then what happens is the equivalent of turning off the send button on the sender's computer. The system won't allow a blocked person to send messages.

The whole concept is stop the sender, stop the spam. Today it's identify what's spam and block the messages like it.

My point is that it doesn't matter if your username is listed or not. Once a method is blocked, it's truly blocked. The sender, if they're really serious they will have to resort to changing the spelling of words, adding dashes to get around the detection, using fake email addresses, etc. Most of it won't matter regardless because you can also ban ip addresses.

The bonus there is that the more they try to find ways to send spam, the more they lock themselves out. Eventually, they'll lock themselves out completely. Instead of us working to stop spam, they're doing it to themselves. That's aggressive security.

There are also other security features there as well. Bots are basically obsolete with this system. Someone would have to write a custom program to even attempt to use a bot. And even if they manage to do that, messages can only be sent from authorized access points or they get an error.

I've spend two years programming this system from scratch and it's been in use for about a year now, and for someone like me who gets 100+ spam emails a day because of multiple websites, I've been spam free on the system for 8 months. Not a single spam message.

Boraan

[bizzar528]

Eh, I understand it, I just disagree with it. I just wanted to see how it was executed.

[Boraan]

would it be better if I renamed it to Address Book and put a nifty little link that said add to address book like regular email. Regular email doesn't sent notices when someone is added. it's the same deal here.

[bizzar528]

No, stay the course. Don't let someone like me distract you from what your working on.

[End User]

Quote:

Originally Posted by Boraan

Anyone can send you a message until they abuse the system and you choose to block them.

That's more or less the way email works now. Anyone can send you a message until you ban them.

Quote:

Originally Posted by Boraan

The whole concept is stop the sender, stop the spam. Today it's identify what's spam and block the messages like it.

I appreciate what you're doing, but I doubt it'll be effective in the long run. (If I'm wrong, great!) The problem that I see with this approach is that it's far to easy to masquerade as a thousand different senders, with different IPs, email addresses, and user names. Then you're back to banning them one by one. And they only need to send you one message to "succeed". So what happens when 500 "different" users each send you one message? You'll get 500 spam emails, that's what. You block them all, and the next day they do the same thing with another 500 different names, IPs, and email addresses.

Quote:

Originally Posted by Boraan

My point is that it doesn't matter if your username is listed or not. Once a method is blocked, it's truly blocked. The sender, if they're really serious they will have to resort to changing the spelling of words, adding dashes to get around the detection, using fake email addresses, etc.

And this is, of course, exactly what they'll do. And they have the entire English language to play with to create an infinite number of permutations of unique messages...blocking them will be like playing Whack-A-Mole, just like it is today.

Quote:

Originally Posted by Boraan

Most of it won't matter regardless because you can also ban ip addresses.

Do you have any idea how many open proxies there are on a given day? I have over 130,000 listed in my bot-blocking database, and the number goes up every single day, sometimes by hundreds and hundreds of IPs. Blocking IP addresses is a losing battle; you will never, ever be able to keep up with all of the proxies going in and out of service daily.

You say you get 100 spam emails a day....I get over 1,000 every single day. Some days I get close to 5,000. The only thing I use is DSPAM, and it works. I rarely get a spam mail passed through to me, and it "learns" and improves with every email it receives, spam or not.

[Boraan]

End User I love cynicism. It shows exactly how short-sighted point of views are sometimes. Everything you just said is true, (in your own words) as it is now, or how it works today.

As we both so duly agreed on, today, anyone can send you a message. The short-sighted part where you said until you ban them. Email today doesn't have that capability.

The difference between your meaning of ban and mine are completely different. Yours, like everyone else (most everyone else), means that you don't get any messages from that person - you have no way of blocking that person.

As someone stated about SitePM, we stop a spammer from clicking send on their computer. That is banned. What we have today is filtering the message. A blocked user can still send a message whether you get it or not.

That is fact because the system is built to respond to messages that don't pass the algorithms. They have to scan the entire message and if it passes deliver it anyway. There are 2 possibilities after that. Send it to a spam folder or trash it.

The point is, the sender hasn't been banned. They can still send all day long. So yes, what you said is true, even with the changing of names, spellings, etc. (that is to get around the algorithms).

We laugh in the IT room because people only see it in one way - the same way you described it - as it is today. There is no thinking about a better way and any change is often met with resistance and cynicism.

Email is like a vault where anyone can come inside and the best security we have is inside the vault filtering people out. It's a system without trust and accountability and as long as it remains that way there will always be spam and billions of dollars wasted trying to prevent it and it will always fail because it has no trust.

Now, think big for a second to my definition of ban. Email today focusses on the message. It was designed to answer the question, what is spam?

SitePM changed the focus to answer the question, who is a spammer?

The only way to do that is to build a system with trust. Every IT system in the world is built on trust. We've got pass protection, credentials, and so on. Why doesn't email?

We say who can and cannot access our homes, our computers, our networks, our place of work and the list goes on and on, yet we leave email with a big gaping hole where anyone can use it.

In stead of matching message headers and content to an algorithm to see if it's spam and if it is block or filter, SitePM doesn't even let the message get sent. The sender gets "you have been blocked."

Email today let's you send attachments to anyone at anytime as well. With SitePM, nobody can send you an attachment unless they have your explicit permission. SecureKey Verification is like a pin number that a sender must use in order to send you a file. No more viruses, keylogger, or any malware from unknown sources.

That's what trust is all about. Of the beta testers there are fourteen midsize companies who created accounts for their employees and they all report less bottlenecks and a faster network because there is significantly less trash data floating around.

Users are spending more time getting the important messages instead of surfing through a spam folder looking for an important message that might have been identified as spam. No more allow sender lists needed.

That's time saved, money saved, and a more secure system - that's increased productivity and higher profits. The day email does that I'll pack up SitePM myself.

The law has changed regarding the use of email for discovery in court cases. In some states email is not allowed to be used as evidence. The new proposed changes reguired for evidence is that email must be managed and verifiable.

Email today anyone can fake an email, send an email from anywhere, even make it look like it came from someone else. SitePM is database driven with redundancy and can be use as evidence in a courtroom. That came from two attourneys and a judge who are now using the system to deal with their clients.

The head of an IT company in Raleigh, NC put it in writing for me, "your system is so far ahead of Exhange that it isn't funny."

A few years ago there was a massive DDOS (denial of service) attack that shut down communications for several hours and service altogether for a few days. DDOS attacks are emerging as one of the greatest threats to the Internet and DNS is one of the largest targets. Stop DNS and you have no domain names resolving to IP addresses.

It may sound dumb except it's already been happening. Hackers are attacking POPS and Registratar's that house the DNS tables that hold the records. They can in fact stop the Internet by breaking the domain name service.

SitePM uses a technology we designed called Mock DNS. The idea is like a BDC for messaging. When the primary goes down, you bring up the second and messaging continues uninterrupted.

It's a private routing system. It's a great defense strategy for corporations, government, the military...

Did you ever stop to think what would happen if terrorism included not just biological, chemical or nuclear, but IT terrorism as well? Sure, right now people are blowing up stuff, killing people, etc. but you would cripple countries if communications were cut off.

SitePM allows communication to continue in the face of threats like DDOS attacks. That's not just security, but national security. That's what I mean by thinking big vs being short sighted.

There are so many more features coming out for SitePM that it's not even funny.

At the risk of sounding rude, which is unintentional, me and my team have spent the past two years developing this system before it first went live. I can assure that with the caliber of the people I work with, if the project was as you just said it wouldn't have gotten off the ground.

I didn't come here to ask for permission to build the system, nor did I ask for a critique of the system, though I do really appreciate your insight and comments.

You said you appreciate what I'm trying to do, but... I'm going to have to cut you off there. I'm not trying to do anything. It's already done. SitePM is live and in use and I have the backing of several large companies that are both using the system and funding the project, including Microsoft.

With some changes coming up in the next few months we are planning a serious usage boost - as much as 250,000 users. I came to ask for beta testers and the feedback of the beta testers to build information for the next patch to the system - features, updates, etc.

I still need several people to be beta testers and the free offer is still on the table if anyone is interested.
http://business.techdex.net/cgi-bin/sitepm_free.cgi

[bizzar528]

Stop defending your system. Either it will work out, or fizzle out like most good ideas on the internet. Writing long posts defending your product won't convince anyone here.

But honestly, save your breath. Trying to convince a bunch of programmers that your private messaging system is going to be better than email is a lost cause. Maybe end users who barely understand email might be able to get snowballed into thinking email is a dying technology, but anyone in a tech field knows it isn't. Email is the backbone of business, and private messaging is not going to be the replacement.

Get your testers, try to sell some memberships, and see how far that takes you. I read a great article about minimum viable products over the weekend that I think might sum up your project pretty well.

here's the link... http://venturehacks.com/articles/minimum-viable-product

Ignore the video presentation, it's basicallly just the same text under it with slides. But here's the part that I think might apply to you...

Quote:

We thought it was a great idea for that whole two weeks. We built it out and we shipped it and we spent countless hours debating exactly what features had to be in it or not in it, and we were going to sell it for $1.99.

Our theory was, pricing won’t get in the way of anybody buying this thing. We want to make it cheap and easy and it will make lots of buzz and Wall Street Journal and New York Times are going to cover this thing; it’s going to be awesome.

I remember for us in those days, two weeks of development was a lot, because we were a pretty fast team. We did that, we shipped it — cut to the chase, nobody bought it. We sold exactly zero copies of the Kerry vs. Bush avatar.

We tried a bunch of different permutations and different variations of it and added features, and we changed the price, and eventually we gave it away for free, and even at free we couldn’t sell any copies.